author | Robert Newson <rnewson@apache.org> | 2012-11-18 19:02:07 +0000 |
---|---|---|
committer | Robert Newson <rnewson@apache.org> | 2012-11-18 20:46:42 +0000 |
commit | f391155280ccdc8f15b94bd8e5753985bd0b26e0 (patch) | |
tree | 92a99726bc64214106685f77556bb411d55fc29b | |
parent | c575248144397ee07de60a7e09683f5b44c68311 (diff) | |
download | couchdb-f391155280ccdc8f15b94bd8e5753985bd0b26e0.tar.gz |
Support auth cookies with : characters
The parts of a couchdb authentication cookie are separated by
colons. One of these parts can contain colons and, more rarely, runs
of colons. The string:tokens function silently drops any empty token,
thus giving a spurious failure for valid input. The fix changes this
mechanism to one that losslessly decodes this part.
COUCHDB-1607
-rw-r--r-- | src/couchdb/couch_httpd_auth.erl | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/couchdb/couch_httpd_auth.erl b/src/couchdb/couch_httpd_auth.erl index 0b4ba8f86..5226a56a6 100644 --- a/src/couchdb/couch_httpd_auth.erl +++ b/src/couchdb/couch_httpd_auth.erl @@ -160,7 +160,7 @@ cookie_authentication_handler(#httpd{mochi_req=MochiReq}=Req) -> Cookie -> [User, TimeStr | HashParts] = try AuthSession = couch_util:decodeBase64Url(Cookie), - [_A, _B | _Cs] = string:tokens(?b2l(AuthSession), ":") + [_A, _B | _Cs] = re:split(?b2l(AuthSession), ":", [{return, list}]) catch _:_Error -> Reason = <<"Malformed AuthSession cookie. Please clear your cookies.">>, |
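Review bot: The replacement call `re:split(?b2l(AuthSession), ":", [{return, list}])` is still an unbounded split, so the part that may contain colons arrives in `HashParts` as a list of fragments and is only decoded losslessly if the code after this hunk rejoins them with ":". Since the match is `[User, TimeStr | HashParts]`, consider adding `{parts, 3}` to the options so that everything after the second colon comes back as a single element and the result no longer depends on how the fragments are rejoined. The diffstat lists only couch_httpd_auth.erl, so a regression test with a cookie whose last part contains a run of colons would pin the behaviour the commit message describes.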